Lucene search

[email protected]CVE-2006-0255

HistoryJan 18, 2006 - 1:51 a.m.

CVE-2006-0255

2006-01-1801:51:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0255

check point vpn-1

secureclient

windows

vulnerability

privilege escalation

7.4 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious “program.exe” file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program.

CPENameOperatorVersion
checkpoint:vpn-1checkpoint vpn-1eq4.1
checkpoint:vpn-1checkpoint vpn-1eq*

CPE	Name	Operator	Version
checkpoint:vpn-1	checkpoint vpn-1	eq	4.1
checkpoint:vpn-1	checkpoint vpn-1	eq	*

References

secdev.zoller.lu/research/checkpoint.txt

www.securityfocus.com/archive/1/422263/100/0/threaded

www.securityfocus.com/bid/16290

www.vupen.com/english/advisories/2006/0258

7.4 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2006-0255

prion1